Nowadays computing environment, networks or systems, which comprises e.g. computers or servers for running different applications or services, usually suffer from security problems. When a security problem, such as the recent ‘shell shock exploit’ is discovered in a server or computer in the system or network, there are few options on how to handle this. The most common approach is to hope that the system will not be compromised until a patch is developed and applied. A more secure approach is to stop the server or computer, or unplug it from the network, and wait for a security update before reconnecting it.
The problem with current solutions is that before a security update is developed and applied, the server is either vulnerable, or unavailable. This may not be acceptable for some applications and services running on the server.
The security problems become even more common and challenging in cloud computing, which is network-based computing and involves large collections of servers housed in data centers to provide computational resources and data storage. Cloud computing involves deploying groups of remote servers and software networks that allow different kinds of data sources be uploaded for real time processing to generate computing results without the need to store processed data in the cloud. Cloud computing relies on sharing of resources to achieve coherence and economies of scale over a network and also focuses on maximizing the effectiveness of the shared resources. Therefore, unplugging or stopping the servers which has security problems is not an attractive solution.
U.S. Pat. No. 8,813,240 describes technologies relating to defensive techniques for improving computer security. The system can monitor a virtual machine's clock accesses and determine whether the number of clock accesses exceeds a threshold. If the number of clock accesses exceeds the threshold, the system can determine that the virtual machine is executing a malicious process e.g., a side channel attack. The system can then limit the virtual machine's ability to access the clock. For example, the system can limit the frequency at which the virtual machine accesses the clock. In addition, the system can migrate one or more of the virtual machines hosted on the physical machine to a different physical machine. Therefore the method in U.S. Pat. No. 8,813,240 describes how to ‘escape’ a running malicious process once it has been discovered within the system and the solution hinges on first identifying the malicious process. Further, migrating one or more of the virtual machines in whole may be complicated and not necessary for other security problems.